We are excited to announce the release of jPOS 3.0.0, marking a significant step forward in the evolution of the project. This release delivers substantial improvements, feature additions, and modernization efforts aimed at enhancing flexibility, performance, and security.
For a long time, jPOS has evolved version after version, maintaining almost 100% backward compatibility with previous releases—never rocking the boat, so to speak. However, to preserve this backward compatibility, we’ve had to hold back from fully embracing advancements in the Java ecosystem, especially the rapid development and release pace of OpenJDK, which is delivering incredible results and exciting new features.
In 2022, we announced jPOS Next, introducing a new branch naming convention: master and next. Unintentionally, we ended up implementing something closely aligned with the JEP 14: Tip & Tail release model that was recently published. Our current next
branch functions as the Tip, while master
serves as the Tail. In the future, we may adjust this naming to better align with the JEP 14 terminology.
Tip & tail is a release model for software libraries that gives application developers a better experience while helping library developers innovate faster. The tip release of a library contains new features and bug fixes, while tail releases contain only critical bug fixes. As little as possible is backported from the tip to the tails. The JDK has used tip & tail since 2018 to deliver new features at a faster pace, as well as to provide reliable and predictable updates for users focused on stability.
Key Features and Changes
- Java Baseline Upgrade: The baseline is now Java 23, embracing the latest language features and performance enhancements.
- Gradle Upgrades: Build system upgraded to Gradle 8.11.1, incorporating Version Catalogs for dependency management.
- Dependency Updates: Major dependency bumps include BouncyCastle, JLine, Mockito, JUnit, and SnakeYAML, addressing security vulnerabilities and improving stability.
Project Loom - Virtual Threads
If we had to highlight one key feature of jPOS 3, it would be the use of Virtual Threads in critical components like the TransactionManager
, QServer
, ChannelAdaptor
, and more. This innovation is also one of the reasons the release took longer than expected. While we initially aimed to launch alongside Java 21, that version had some issues with pinned platform threads that were later improved in Java 22 and 23. We are now eagerly anticipating Java 24 for even better performance.
With jPOS 3, the TransactionManager
continuations—once a groundbreaking reactive programming feature (long before "reactive programming" became a trend)—are now obsolete. Thanks to Virtual Threads, we can safely handle 100k or more concurrent sessions in the TM without any issues. Virtual Threads are incredibly lightweight and efficient, marking a significant leap forward for jPOS.
As an example, consider a 15-second SLA with a sustained load of 5,000 transactions per second (TPS). That results in 75,000 in-flight transactions—a load that would be unreasonable to handle with traditional platform threads due to resource constraints. However, with Virtual Threads, this scenario becomes entirely manageable, showcasing their incredible efficiency and scalability for high-throughput environments.
Higher loads introduce new challenges. While managing a system with a few hundred threads was feasible using jPOS’s internal logging tools, like the SystemMonitor
and the Q2 log, it becomes unmanageable with 100k+ threads. To address this, we’ve implemented new structured audit logging, integrated Java Flight Recorder, and introduced comprehensive Micrometer-based instrumentation to provide better visibility and control.
Micrometer instrumentation
In jPOS 2, we used HdrHistogram directly to handle certain TransactionManager
-specific metrics. While it was a useful tool for profiling edge cases and offering limited visibility into remote production systems, we fell short in providing robust additional tooling. In jPOS 3, we still rely on HdrHistogram, but instead of using it directly, we now leverage Micrometer—an outstanding, well-designed library that integrates seamlessly with standard tools like Prometheus and OpenTelemetry.
jPOS 3 also includes an embedded Prometheus endpoint server, which can be used out of the box (see q2 --help
, in particular the --metrics-port
and --metrics-path
switches). This provides lightweight yet powerful visibility into channels, servers, multiplexers, and, of course, the TransactionManager
and its participants.
Java Flight Recorder
jPOS 3 incorporates Java Flight Recorder (JFR) instrumentation at key points within the TransactionManager
, the Space
and other sensitive components. This provides deeper insights into application use cases and generates valuable profiling information, enabling us to implement continuous performance improvements effectively.
Structured Audit Log
The Structured Audit Log supports TXT, XML, JSON, and Markdown output and is set to eventually phase out the current jPOS XML-flavored log that has served us well over the years. While the existing log is excellent for development, QA, and small tests, it struggles to handle massive data volumes efficiently. The new structured audit log, built on Java Records that extend the sealed interface AuditLogEvent, is designed to be both human-readable and compact for log aggregation, offering a much more scalable and user-friendly solution. In previous versions of jPOS, we used the ProtectedLogListener
, which operated on live LogEvent
objects by cloning and modifying certain fields. With the new approach, we’ve laid the groundwork for implementing annotation-based security directly on the log records. This ensures that sensitive data is never leaked under any circumstances.
Full Support for Java Modules with module-info
jPOS 3 fully embraces the Java Platform Module System (JPMS) by including module-info
descriptors in its core modules. This allows developers to take full advantage of Java’s modular architecture, ensuring strong encapsulation, improved security, and better dependency management. By supporting Java modules, jPOS integrates seamlessly into modern modularized applications, making it easier to define clear module boundaries, minimize classpath conflicts, and optimize runtime performance. This alignment with the latest Java standards positions jPOS as a forward-looking solution for today’s demanding payment environments.
As part of this transition, we have deprecated OSGi support due to its low traction over the years. Despite a handful of deployments on platforms like Apache Karaf and IBM CICS/Liberty, feedback was minimal, and adoption remained low. The shift to Java Modules provides a more robust and future-proof solution for modularity, aligning jPOS with modern Java standards.
Security Enhancements
- Aligned with JEP 411, deprecating the SecurityManager for removal, reflecting industry best practices.
- Upgraded cryptographic libraries and introduced new cryptogram padding methods for enhanced security.
- Introduced KeyUsage serialization and improved handling of sensitive data, such as track data in ISOUtil.
Configuration and Deployment
- New options for environment property replacement across configuration files.
- Support for complex fields in
IsoTagStringFieldPackager
and auto-configuration of enum fields.
- Added Q2 server command-line switches, including shutdown delay and hook overrides useful on K8S deployments.
- Added GC stats dumping and enhanced thread dump capabilities in SystemMonitor.
- Improved metrics tracking with precise histogram timestamps.
- Optimized handling of multi-level nested ISOMsgs and monotonic time usage in TSpace.
ISO Standards and Protocol Support
- Introduced new packager types, including
IFB_LLLLLLCHAR
, IFB_LLLHEX
, and IFEPE_LLBINARY
.
- Added support for CMF DE 027 - POS Capability and other ISO-related enhancements.
- Improvements in EuroSubFieldPackager and BER/TLV field handling.
- Added helper methods for message class identification and new utilities for working with ISO dates and durations.
- Enhanced the RotateLogListener with
ZoneId
support for better log management.
- Added a NoCardValidator and support for SSH remote resize (WINCH).
Breaking Changes
- Removed legacy modules, including
compat_1_5_2
and QNode
, aligning the codebase with modern usage patterns.
- Deprecated TM Continuations, reflecting a shift to more streamlined transaction management (still supported via VirtualThread simulation).
Bug Fixes and Stability
- Addressed key issues, such as proper BER/TLV field handling and ensuring monotonic time for better reliability.
- Fixed parsing errors in
ISODate
and improved support for track data generation.
Why Upgrade to jPOS 3.0.0?